Blockchain analytics and security firm, PeckShield, has revealed that malicious actors are targeting users of the Solana-based gaming platform STEPN through several phishing sites.
STEPN’s popularity attracts bad actors
These sites have a malicious MetaMask plugin that allows them to steal seed phrases of unsuspecting visitors.
The link also prompts these visitors to connect their wallets to claim a false giveaway, which gives these hackers complete access to the users’ wallets, where they can steal crypto assets.
#PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN
— PeckShieldAlert (@PeckShieldAlert) April 25, 2022
STEPN is a Web3 gaming and lifestyle platform that allows players to earn Green Satoshis (GST) based on their movement. The platform tracks this through the GPS on their players’ mobile devices.
The platform has become increasingly popular in recent weeks, and per data on its Twitter account, it has recorded over 1.5 million users within the last 30 days. This is largely fueled by the massive rise of its token from a low of $0.01 to as high as over $3 within the same time frame.
In its tweet, PeckShield urged the community to add its PeckShield free extension to their wallet so that they can detect any phishing site. The firm also advised them to report any suspicious activity on their account to the dev team.
While STEPN is yet to release an official statement about this phishing attack, one user revealed that he had successfully contacted the support team to help him fix an issue he was facing.
As of press time, we couldn’t verify if any user had suffered a loss due to this phishing attempt.
Phishing attacks are becoming more prevalent
This STEPN incident shows how common phishing attacks have become within the crypto space. In the past few months, there have been multiple phishing attacks and attempts that have resulted in the loss of millions for many crypto holders.
DeFiance Capital founder Arthur Cheong was the victim of one spear-phishing attack that led to losing $1.7 million worth of NFTs. Another attack saw a leading NFT marketplace, OpenSea, reveal that some users had lost millions of their NFTs to “phishing.”
Earlier this month, CryptoSlate reported that there was a phishing attack attempt that was targeted at users of Trezor wallet after its mailing list was compromised.
The increase in these attacks has led to increased calls within the crypto community for investors to be wary of connecting their wallets to random sites and clicking on random links.